Twitter Tries to Sooth Public Concerns of Safety with DMARC

Earlier this month Twitter reported a scam that affected 250,000 users, where usernames, e-mail addresses, session tokens and encrypted/salted versions of their passwords were stolen, which left users a tad uneasy, but was still forgiven by the public.

However, as we uncovered in the beginning of this week, there was a strange hack of Burger Kings’ and Jeeps’ Twitter account over the weekend that left most users with the irrefutable impression that Twitter is lacking in its security measures.

To appease to the public’s overwhelming concern, Twitter has revealed its new technology, DMARC, a new security protocol created to help reduce the potential for e-mail-based abused. According to Twitter, DMARC will solve the issues surrounding long-standing operations, deployment and reporting issues related to e-mail authentication protocols by giving E-mail providers a way to block E-mails from forged domains popping up in inboxes.

In a statement, Twitter revealed, “While this protocol is young, it has already gained significant traction in the email community with all four major email providers – AOL, Gmail, Hotmail/Outlook, and Yahoo! Mail – already on board, rejecting forged e-mails. We hope to see it gain more coverage for our users as even more E-mail providers adopt it, and that it gives you more peace of mind when you get an e-mail from us.”

Although Twitter has addressed an ongoing issue with its e-mail, it has yet to offer any innovational precautionary software for its account security. The only reassurance Twitter had to offer was to remind its users to create strong passwords and make sure that browsers and operating systems are updated with the most current versions and patches.

These are the same precautionary steps that every mobile platform advises users to take, with the hope that their chances of being hacked will substantially decrease. But as mobility usage will continue to increase, as has done so around the world, therefore creating the higher chances for a hacker to enter its gateway.

Large corporations like PayPal have begun introducing programs like Fast Identity Online (FIDO) into its operating systems, as a main part of its function deals with sensitive information, like users financial accounts. This gives mobile devices a more central role in the authentication process and uses cryptographic methods to pass information to back-end servers so log-in data is not sent over the wire or stored on the back-end, where it can be stolen.

Although Twitter does not deal with the same personal information as PayPal, as we have seen with Burger King and Jeep, if accounts are hacked companies are put at the same financial risks from is they are publicly defamed.

Without the proper set of updated laws in the industry, designed to punish data brokers and hackers in the same way that criminals are punished for robbing a bank, these types of scams will continue. Even though Twitter has put forth a new technology to protect its E-mail system, there are still many areas of security that must be covered.